Publishing Venue

Abstract

A method for running an automatic privacy audit to ensure that a Web based application does not expose private attributes to unauthorized users.

Country

Undisclosed

Language

English (United States)

This text was extracted from a PDF file.

This is the abbreviated version, containing approximately
59% of the total text.

Automated Privacy Policy Audits for Web Based Applications

Disclosed is a mechanism to perform a privacy audit on a Web based application that
holds information about people and has multiple user roles. Not all user roles are
authorized to view all the attributes for privacy reasons. This tool audits that property to
make sure the application keeps it.

Use the following algorithm:

1. Create (manually) at least one dummy entry in each database table. For example, for
an HR application you might create the following user:

Name: Dummy_Name

Manager: Dummy_Mgr

SSN: 999-99-9999

Salary: $50,000

2. For every role, get the username and password for a user in that role and a list of
attributes that should not be available to that role.

This stage is also manual. For example, for the role manager, the user/password
pair might be joe_ceo/big_boss. The user joe_ceo is not
allowed to access the SSN (999-99-9999) in the dummy user example.

3. For every role, run the program to audit privacy automatically. The program performs
the following steps:

3.1. Logs in as the user in that role.

3.2. Keep a list of pages visited, start it as empty.

3.3. Keep a list of pages to visit, start it with the front page of the application.

3.4. Retrieve the first page in the list of pages to visit. That's the current page.

3.5. If the current page contains any of the forbidden attributes, then the audit
failed. The user is able to access an attribute [s]he shouldn't
be able to. Optionally, this algorithm...
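
Steps 3.1 to 3.5 as a Python sketch, added here as an illustration and not taken from the disclosure. The host `hr.example`, its paths, the `employee` role, `session_for`, and the link-following, same-host scoping and `max_pages` logic are assumptions, since the text above is cut off after step 3.5.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LinkParser(HTMLParser):
    """Collects href targets of <a> tags on one page."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def audit_role(fetch, start_url, forbidden, max_pages=500):
    """Crawl as one role; return [(url, leaked_value), ...]. Non-empty = audit failed.
    fetch(url) returns HTML or None and already carries the role's session (3.1).
    Link following, same-host scoping and max_pages are assumptions (see lead-in).
    """
    visited, to_visit, findings = set(), deque([start_url]), []  # 3.2, 3.3
    host = urlparse(start_url).netloc
    while to_visit and len(visited) < max_pages:
        url = to_visit.popleft()  # 3.4: the current page
        if url in visited:
            continue
        visited.add(url)
        body = fetch(url)
        if body is None:
            continue
        findings += [(url, v) for v in forbidden if v in body]  # 3.5
        parser = LinkParser()
        parser.feed(body)
        for href in parser.links:
            nxt = urljoin(url, href).split("#")[0]  # drop fragments
            if urlparse(nxt).netloc == host and nxt not in visited:
                to_visit.append(nxt)  # never leave the audited application
    return findings

# Constructed sample application (hypothetical host and paths), keyed by role.
BASE = "http://hr.example/"
PAGES = {
    "manager": {BASE: '<a href="/team">team</a> <a href="http://other.example/">x</a>',
                BASE + "team": 'Dummy_Name <a href="/emp/1#pay">detail</a>',
                BASE + "emp/1": "Manager: Dummy_Mgr SSN: 999-99-9999"},
    "employee": {BASE: '<a href="/me">me</a>', BASE + "me": "Name: Dummy_Name"},
}

def session_for(role):
    """Stands in for the login step: returns a fetch bound to that role."""
    return PAGES[role].get
```

A plain substring match only catches the dummy value in the exact form it was entered; a page that renders the SSN without dashes or encodes it would pass this check. Against a real application, `fetch` would wrap an authenticated HTTP session, and logout or state-changing links should be excluded from the crawl.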